H3-2024-0002

AWS Privilege Escalation - iam:PutUserPolicy

Category	SECURITY_MISCONFIGURATION
Base Score	9

Description

An AWS user or role assigned the iam:PutUserPolicy permission, that is not an administrator, can assign an AWS user administrator permissions.

Impact

This misconfiguration permits an AWS user to escalate to administrator permissions.

References

• PutUserPolicy - Documentation